Enhanced Code-Signing Scheme for Smartphone Applications
Recently, the number of incidents caused by malicious code designed to suspend services and abuse personal information has grown rapidly, and the installation of applications on smartphones has emerged as one of the most common ways in which such malicious code is spread. Anti-virus programs can be used to curb the spread of such code, but they have limitations in terms of speed and efficiency. Accordingly, the safety of application distribution and verification procedures needs to be strengthened in order to prevent the spread of malicious code. To this end, this paper examines the problems of existing application distribution procedures and proposes an enhanced code-signing scheme that uses public key infrastructure (PKI) certificates in the application distribution method. The scheme offers improved reliability and security by using code-signing technology to provide software integrity and developer authentication functions.
Keywords: Smart Phone, Security Requirement, Security Threat, Malicious Code, Code Signing